I uploaded a GPG key to subkeys.pgp.net back in 2005. It’s well past time for me to replace it. I covered creating your revocation certificate back in PGP & GPG, but didn’t actually write about using that revocation certificate. Nine years later… yeah, I better figure this out.
So Io to the machine with my . . . → Read More: Revoked and Replaced OpenPGP Key
I’ve recently moved my personal web sites to https://www.vultr.com/, using virtual machines instead of real hardware. (I’ve caught up to the 2000s, hurrah!) I didn’t track server utilization, so I provisioned the machines based on a vague gut feeling.
The web server started spewing signal 11s, occasionally taking down the site by killing mysql. Investigation . . . → Read More: Shuffling Partitions on FreeBSD
BSDs generally break their PHP packages into smaller units than most Linux distribution. This means that you need extra packages when following installation guides. I’m installing Phabricator on FreeBSD because I want ZFS under it.
This is the complete list of PHP modules and related stuff I needed to install to get Phabricator to run . . . → Read More: Phabricator on FreeBSD installation notes
Why automatically snapshot filesystems? Because snapshots let you magically fall back to older versions of files and even the operating system. Taking a manual snapshot before a system upgrade is laudable, but you need to easily recover files when everything goes bad. So I surveyed my Twitter followers to see what FreeBSD ZFS snapshot automation . . . → Read More: a survey of FreeBSD ZFS snapshot automation tools
Well, “profit” is a strong word. Maybe “not losing money” would be a better description. Perhaps even “not screwing over readers.”
I back up my personal stuff with a combination of snapshots, tarballs, rsync, and sneakernet. This is fine for my email and my personal web site. Chances are, if all four of my backup . . . → Read More: Installing and Using Tarsnap for Fun and Profit
Thanks to various airline problems, we had an open spot on the BSDCan schedule. Bob Beck filled in at the last moment with a talk on the first thirty days of LibreSSL. Here are some rough notes on Bob’s talk (slides now available).
LibreSSL forked from OpenSSL 1.0.1g.
Why did “we” let OpenSSL happen? Nobody . . . → Read More: LibreSSL at BSDCan
“Hey, where is Lucas? Why hasn’t he posted lately?”
I’ve done nothing worth posting about. Most of this month I spent removing a per-millennial switch from the core of the network, which was painstaking and annoying but not noteworthy. I then spent nine days at a writing workshop, which was fascinating, educational, and utterly exhausting. . . . → Read More: Penguicon 2014 Schedule
Chris Sanders kindly sent me a review copy of Applied Network Security Monitoring, written by Sanders along with Jason Smith, David J Bianco, and Liam Randall. It’s a very solid work, with much to recommend it to IT people who either have been told to implement security monitoring or who think that they should.
Some . . . → Read More: Book Review: “Applied Network Security Monitoring”
DANE, or DNS-based Authentication of Named Entities, is a protocol for stuffing public key and or public key signatures into DNS. As standard DNS is forged easily, you can’t safely do this without DNSSEC. With DNSSEC, however, you now have an alternative way to verify public keys. Two obvious candidates for DANE data are SSH . . . → Read More: DNSSEC-verified SSL Certificates, the Standard Way
The video of my NYCBSDCon talk is now on available on YouTube.
This talk is a little rougher than most I give. I felt worn-out before I even spoke on Saturday night. I woke up Sunday morning with tonsils the size of tennis balls (which made airport security interesting, let me tell you. “No, those . . . → Read More: NYCBSDCon 2014 Video, and 2014 appearances